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Massachusetts  has 
set  stringent  rules  on 
storing  personal  data. 
But  will  businesses 
ever  have  to  comply 
with  them?  pai 

The  final  stimulus  bill 
tally:  Yes  on  new  H-1B 
curbs  for  banks,  no  on 
E-Verify  usage. 

Carnegie 

Mellon's  Jeannette  M. 
Wing  urges  research¬ 
ers  to  focus  on  the 
security  threats  of 
the  future,  page  ir, 


With  no  clear  identity 
anymore,  IT  is  in  dan¬ 
ger  of  being  defined 
by  others. 

Why  puny  little  net- 
books  are  a  big  threat 
to  Microsoft. 


A  new  Web  site  offers 
a  peek  at  IT  salary 
data  and  workplace 
reviews  of  thousands 
of  companies. 


COMPOTERWORLO.COM 


After  two  decades  of  significant  investment  in  IT, 
it's  clear  that  greater  spending  doesn't  necessarily 
deliver  greater  results.  Accenture's  groundbreaking 
study  of  over  500  high-performance  businesses, 
as  well  as  our  hands-on  experience  with  the  world's 
leading  companies,  has  given  us  pragmatic, 
real-world  insights  into  what  works,  what 
doesn't,  and  why.  Because  it's  not  how  much  you 
put  into  your  IT  that  counts.  It's  how  much  you 
get  out  of  it. 
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6  Microsoft  announces  a  "finger-  18  The  Drill:  Carnegie  Mellons 
friendly"  upgrade  of  Windows  Jeannette  M.  Wing  talks  about 

Mobile.  |  Also,  the  software  vendor  "computational  thinking."  tomorrow's 

rebuts  allegations  that  It  profits  security  threats  and  her  hopes  for  a 

when  users  “downgrade”  from  focus  on  science  from  the  Obama 

Vista  to  Windows  XP.  administration. 


8  Los  Alamos  National  Lab  is 
reviewing  its  security  policies 

following  disclosures  that  donna 
of  computers  have  been  lost  or 
stolen.  |  Hackers  hit  OovTrip.com, 
~  a  travel  site  used  by 


■  NEWS  ANALYSIS 
12  State  of  Uncertainty:  Secu¬ 
rity  Rules  Slow  to  Take  Hold  in 

Mass.  Massachusetts  officials  have 
set  stringent  regulations  on  storing 
personal  data,  but  they  keep  extend¬ 
ing  the  compliance  deadline. 

14  Stimulus  Package  Sets 
H-1B  Limits;  E- Verify  Usage 
Mandate  Left  OuL  The  economic 
stimulus  bill  restricts  H-1B  hiring  by 
banks  getting  bailout  funds.  But 
employers  won't  have  to  use  the 
government's  E-Verify  system  to  vet 


■  OPINION 

4  Editor's  Note:  Don  Tennant 

says  IT  leaders  need  to  know  when 
tobackoffandhowtopicktheright 
projects  to  champion. 

19  Thornton  A.  May  urges  IT  pro¬ 
fessionals  to  define  their  identities 
before  others  do  it  for  them. 

34  Preston  Oraila  notes  that 
puny  little  netbooks  are  threatening 
big.  bad  Microsoft. 

40  Frankly  Speaking:  Frank 
Hayas  finds  a  message  for  IT  in  the 
Facebook  fiasco. 


32  Security  Manager's 
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and  Save  Money,  Too.  If  you 

keep  an  open  mind,  you  can  hnd 
waysto  improve  security  without 
breaking  the  bank. 
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I  IT  MENTOR:  You  don't  have  to  be  a 
I  Project  Management  Professional  to 

I  helps  if  you  think  like  one,  says'  CISSP 
I  Dreg  Schaffer. 


Don  Tennant 

Alleviating  Panic 


IN  AN  E-MAIL  EXCHANGE  with  an  IT  executive  in 
Minnesota  last  week,  I  asked  about  the  role  chief  finan¬ 
cial  officers  play  in  determining  which  IT  projects  re¬ 
ceive  funding  in  these  troubled  economic  times  and 
which  are  kicked  unapologetically  to  the  curb.  Given  that  IT 
outlays  often  account  for  a  high  percentage  of  a  company’s  cap¬ 
ital  expenditure,  is  the  CFO’s  role  more  prominent  these  days? 


which  projects  to  cham¬ 
pion  in  the  first  place. 

That’s  the  conclusion 
I  drew  when  I  read  this 
week’s  cover  story,  Tam 
Harbert's  “Saving  Stra¬ 
tegic  Projects”  (page  22). 


Harbert  also  cites  Gart¬ 
ner  analyst  Jorge  Lopez, 
who  spoke  of  an  IT  ex¬ 
ecutive  at  an  oil  company 


Coetzee  said.  “I  backed  off  sort  of  battle  plan  for  de-  [economic]  storm,”  L 

on  a  highly  important  IT  fending  the  IT  kingdom.  said.  “Because  if  it’s  i 

project  just  the  other  day  Coetzee’s  emphasis  on  not  only  will  the  proj 
because  the  CFO  could  the  IT  executive’s  role  gone,  but  if  you  fight 


in  our  cover  story  as  well. 
Vivek  Kundra,  CTO  for  the 
District  of  Columbia,  had  a 
$4  million  budget  to  build 
an  intranet  for  the  district, 
which  has  a  debilitating 
$130  million  budget  deficit. 
Using  cloud  computing, 
Google  Apps  and  wikis,  he 
built  it  for  $475,000.  Mean¬ 
while,  Sunoco’s  Whatnell 
wonders  why  companies 
aren’t  using  Skype  instead 
of  some  obscenely  priced 
videoconferencing  system. 

The  trick,  of  course,  is 
to  cut  costs  without  over¬ 
reacting  in  a  way  that  deci¬ 
mates  the  company’s  pro¬ 
ductivity.  Coetzee  cited  an 


■  The  CIO  needs  to 
focus  on  sustaining 
the  company,  not 
on  buttressing  the 
company's  depen¬ 
dence  on  IT. 


president  of  IT  at  Jacobs 
Engineering,  said  now  is 
the  time  to  explore  new 
technologies  like  Google 
Apps  —  low-  or  no-cost 
technologies  that  in  the 
past  seemed  “wacky”  to 
traditional  IT  shops  but 
now  "might  actually 


ONLINE  CHATTER  ■ 


RESPONSE  TO: 

Teaching  Old  Docs 
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The  HITECH  Act  —  and  $20  biilioi 
down  payment  —  is  a  grand  first 
act  toward  establishing  pervasive 
electronic  health  records  through- 


perfect  information  envirc 
The  goal  of  comprehensi 
first  requires  comprehensiv 
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The  Storm  in  :  Power-Line  Devices: 
The  Enterprise  |  Do  They  Really  Work? 

The  newest  BlackBerry  is  ;  Review:  Power-line  devices,  - 

poised  to  give  other  smart-  i  which  connect  a  computer  to  a  I 

phones  a  run  for  their  mon-  I  router  via  a  home's  electrical  wir-  I 

ey  in  the  enterprise.  But  ;  ing,  can  be  good  alternatives  to  I 

there  are  challenges,  users  ;  wireless  and  wired  connections.  I 
say,  and  testing  is  key.  ;  But  how  well  do  they  really  work?  " 
. ;  Bill  O'Brien  tested  five;  here's  what  h 
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Apple  Inc.'s  App  Store 

ing  the  mobile  version  of 
Internet  Explorer. 

But  it's  the  new  user 
interface  in  Windows 
Mobile  6.5  that  has  the 
potential  to  put  phones 
based  on  the  Microsoft  op- 

class  as  devices  such  as  the 
iPhone.  BlackBerry  Storm 
and  T-Mobile  Gl.  ' 
“Everything  is  now  finger- 
friendly."  said  Scott  Rock- 
feld,  Microsoft's  group 
product  manager  for  Win¬ 
dows  Mobile.  Most  of  the 


The  honeycomb-style 
start-up  screen  also  enables 
users  to  launch  applications 
by  simply  dragging  their 
icons,  according  to  Micro¬ 
soft  officials.  In  addition,  the 
operating  system  lets  users 
return  missed  calls  or  mes¬ 
sages  with  a  single  click. 


support,’  and  they  might  not 
get  as  much  pushback." 

—  Mutt  Hamblen, 
with  Nancy  Gohring 
vf  the  IDG  News  Service 


icrosoft  Corp.  last 
week  rebutted  allega¬ 
tions  that  it  charges  users 
to  downgrade  from  the  Win¬ 
dows  Vista  operating  system 
to  the  older  XP  software. 

Complainant  Emma  Al- 
of  Los  Angeles  con¬ 
tends  that  she  was  unfairly 
charged  a  $59.25  fee  to 
downgrade  a  new  Lenovo 
laptop  from  Vista  to  XP. 

A  clause  in  the  Windows 


older  edition  without  having 

“Microsoft  does  not  charge 
or  receive  any  additional  roy¬ 
alty  if  a  customer  exercises 
[downgrade]  rights.”  said  a 
Microsoft  spokesman. 

The  lawsuit  charges  that 
Microsoft's  policy  barring 
computer  makers  from  of¬ 
fering  XP  on  new  PCs  after 
Vista's  early-2007  launch 
violated  Washington  state 
consumer-protection  laws. 

The  lawsuit  seeks  damag¬ 
es  and  class-action  status. 

-  GREGG  KEIZER 


■■  been  forced  to 
purchase  the  most 
expensive  version 
of  [XP]  in  order  to 
‘downgrade’  from . . . 
Windows  Vista. 
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BETWEEN 


to  several  felackBerry  devic¬ 
es  and  to  phones  from  Nokia 
and  Samsung  in  April.  Users 
will  be  able  to  launch  the 
software  from  the  browsers 
on  their  phones  and  par¬ 
ticipate  fully  in  webconfer- 
ences  and  audio  meetings. 
Cisco  said. 

MySpace  announced  that 
its  social  networking  site 
will  soon  be  available  on  the 
upcoming  Palm  Pre  smart¬ 
phone  and  on  Nokia’s  S60 
devices.  The  company  — 
which  already  supports  the 
iPhone,  BlackBerry,  Side- 
kick  and  Android  platforms 


Hlspatches 

Mac  Clone  Maker 
Doesn’t  Fear  Apple 

WOLFSBURG.  Germany  - 
HyperMegaNet  UG,  a  maker 
of  Macintosh  computer  clones, 
last  week  said  His  ready  to 
defend  the  use  of  Apple  Inc.'s 
Mac  OS  X  in  its  PearC  comput¬ 
er  line  in  court  if  necessary. 

“First,  we  try  to  settle  with 
Apple  out  of  court."  said  a 
spokesman  for  HyperMegaNet. 


The  HyperMegaNet  spokes¬ 
man  said  that  Apple  has  yet  to 
contact  the  company.  Apple 
did  not  respond  to  a  request  for 

Gregg  Keizer. 

Computerworld 

Google  May  Open 
Data  Center  in 
Finnish  Paper  Mill 

HAMINA.  Finland  -Google 
Inc.  said  it  might  open  a  data 
center  here,  on  the  site  of  a 
closed  paper  mill  that  it  has 
agreed  to  buy  for  €40  million 
($51  million  U.S.). 


place,"  it  added. 

The  transaction  is  slated  to 
close  during  this  year's  first 

Jeremy  Kirk, 

IDG  News  Service 

BRIEFLY  NOTED 
Fujitsu  Ltd.  has  agreed  to 
sell  its  struggling  hard  disk 
drive  business  to  Toshiba 
Corp.  for  an  undisclosed  sum. 
The  deal  is  expected  to  close 
by  midyear.  Tokyo-based 
Toshiba  said  the  acquisition 
will  allow  it  to  enter  the  high- 
end  drive  business,  and  to 
expand  its  line  of  solid-state 


es  and  to  phones  from  Nokia 
and  Samsung  in  April  Users 
will  be  able  to  launch  the 
software  from  the  browsers 
on  their  phones  and  par¬ 
ticipate  fully  in  webconfer- 
ences  and  audio  meetings, 
Cisco  said. 

MySpace  announced  that 
its  social  networking  site 
will  soon  be  available  on  the 
upcoming  Palm  Pre  smart¬ 
phone  and  on  Nokia’s  S60 
devices.  The  company  — 
which  already  supports  the 
iPhone,  BlackBerry,  Side- 
kick  and  Android  platforms 
—  said  it  plans  to  have  its 
site  running  on  all  major 
smartphones  by  year's  end. 

MySpace  officials  added 
that  they  expect  half  of  the 
social  network's  users  to  be 
accessing  the  site  via  mobile 
devices  within  a  few  years. 

Like  MySpace,  Yahoo  is 
revamping  its  Web  portal 


foal , 

itches 


Doesn't  Fear  Apple 


HyperMegaNet  UQ,  a  maker 
of  Macintosh  computer  clones, 
last  week  said  H  is  ready  to 
defend  the  use  of  Apple  Inc.'s 
Mac  OS  X  In  Its  PearC  comput- 


■Flrst  we  try  to  settle  with 
Apple  out  of  court"  said  a 
spokesman  for  HyperMegaNet. 
which  Is  based  here.  "But  If 
necessary,  we  are  not  afraid 
of  going  to  court  with  Apple." 

Uke  computers  sold  by 
Ooral,  Fla. -based  Psystar 
Corp.,  wNch  has  been  locked 
in  a  legal  battle  with  Apple  over 
its  Mac  clones  since  July,  the 
PearCs  run  Mac  OS  X  10.5. 


closed  paper  mill  that  It  has 
agreed  to  buy  for  £40  million 
(SSI  million  U.S.). 

Store  Enso  Oyi,  a  paper  pro¬ 
duction  company  In  Helsinki, 
closed  the  min  last  month. 

"We  are  currently  consid¬ 
ering  building  a  data  center 
at  this  she,"  Google  said  In  a 


Corp.  for  an  undisclosed  sum. 
The  deal  is  expected  to  closi 
by  midyear.  Tokyo-based 
Toshiba  said  the  acquisition 
will  allow  It  to  enter  the  high- 
end  drive  business,  and  to 
expand  Its  line  of  SOM-state 
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With  the  world's  data  growing  dramatically.  IBM  storage  virtualization  solutions 
can  help  you  gain  control  in  a  responsible,  energy-efficient  way  The  IBM 
System  Storage  SAN  Volume  Controller  can  reduce  storage  growth  by  up  to 
20%  and  boost  utilization  by  as  much  as  30%.  And  combined  with  IBM  tape 
solutions,  some  companies  have  reduced  their  TCO  by  as  much  as  50%.  A 
greener  world  starts  with  greener  business.  Greener  business  starts  with  IBM. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

Get  our  storage  virtualization  whitepapei  al  ibm.com  green  info 
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STATE  OF  UNCERTAINTY: 

Security  Rules 
Slow  to  Take 
Hold  in  Mass. 


New  regulations  on  storing 
personal  data  have  businesses 
up  in  arms  —  and  not  just  in 
Massachusetts.  But  the  state 
keeps  delaying  its  compliance 
deadline.  By  Jaikumar  Vijayan 


M 


IASSACHUSETTS 
officials  this 
month  gave  com¬ 
panies  a  second 
reprieve  on  complying  with 
new  regulations  aimed  at 
any  entity  that  stores  the 
personal  data  of  state  resi¬ 
dents.  They  also  softened  a 
particularly  contentious  pro¬ 
vision  requiring  businesses 
to  ensure  that  third  parties 
handling  such  data  are  in 
compliance  with  the  rules. 

But  the  state  left  intact 
other  parts  of  the  regula¬ 
tions  that  have  sparked 
criticism  from  the  business 
community  both  inside  and 
outside  of  Massachusetts. 
And  even  with  the  extension 
of  the  compliance  deadline 
from  May  1  to  the  start  of 
next  year,  meeting  the  re¬ 
quirements  could  be  a  chal¬ 
lenge  for  some  companies. 
Massachusetts  isn't  the 


only  state  imposing  security 
regulations  on  businesses. 
Last  fall,  Nevada  put  into 
effect  a  rule  requiring  per¬ 
sonal  data  to  be  encrypted 
if  it's  transmitted  outside  of 
a  company’s  network.  And 
New  Jersey  is  phasing  in  a 
set  of  data  security  man¬ 
dates  over  a  two-year  period. 

But  the  regulations  an¬ 
nounced  last  September  by 
the  Massachusetts  Office  of 
Consumer  Affairs  and  Busi¬ 
ness  Regulation  (OCABR) 
specify  a  long  list  of  steps 
for  protecting  personal  data 
and  reqiiire  companies  to 
create  wide-ranging  internal 
security  programs  and  poli¬ 
cies  (see  “Mandated  in  Mas¬ 
sachusetts,”  next  page). 

Also,  the  OCABR  defines 
personal  data  more  strin¬ 
gently:  as  an  individual's 
name  along  with  his  Social 
Security  or  driver’s  license 


number,  or  with  a  financial 
account  number.  In  Nevada, 
bank  and  credit  card  num¬ 
bers  must  also  be  accompa¬ 
nied  by  a  PIN  or  password 
to  meet  the  state’s  definition  | 
of  personal  data. 

In  addition,  the  OCABR’s  ) 
rules  were  written  to  apply  to 
all  organizations  that  handle  j 
the  data  of  Massachusetts 
residents,  whether  the  busi-  | 
nesses  are  based  in  the  state 
or  not  And  the  regulations 
are  expected  to  spawn  a 
host  of  me-too  measures  in 
other  states. 

From  an  implementation 
standpoint,  the  rules  set 
by  Massachusetts  are  "the 
most  stringent  data  security 
regulations  in  the  U.S,"  said 
the  chief  privacy  officer  at  a 
large  bank  that  has  nuro 
ous  branches  in  the  state 

Because  of  the  wide  range 


of  mandated  actions,  finding 
enough  “time  and  capac¬ 
ity  to  implement  this  in  a 
meaningful  way”  will  be  a 
big  hurdle,  said  the  CPO, 
who  requested  anonymity. 
“Pushing  an  unreasonable 
timeline  to  businesses  will 
force  many  to  duct-tape  to¬ 
gether  a  [security]  program 
that  appears  to  meet  the 
requirements  but  offers  little 
real  protection,”  he  warned. 

Last  month,  a  coalition  of 
70  organizations  —  includ¬ 
ing  the  Retailers  Associa¬ 
tion  of  Massachusetts,  the 
Massachusetts  Bankers  As¬ 
sociation,  the  Greater  Bos¬ 
ton  Chamber  of  Commerce 
and  companies  such  as  Wal- 
Mart,  Target,  Microsoft  and 
Google  —  submitted  a  peti¬ 
tion  to  the  OCABR  asking 
for  a  “rigorous  stakeholder 
analysis”  of  the  regulations. 

The  petition  questioned 
the  third-party  data-handling 
rules  and  the  need  for  man¬ 
datory  encryption,  data 
inventories  and  limits  on  the 
information  that  companies 
collect.  It  also  described  the 
May  1  compliance  deadline 
as  “overly  aggressive”  and 
called  for  a  phased  approach 
like  New  Jersey’s. 

“A  vast  majority  of  com¬ 
panies  in  Massachusetts  and 
around  the  country  know 
nothing  about  this  regula¬ 
tion,”  said  Jon  Hurst,  presi¬ 
dent  of  the  Retailers  Asso¬ 
ciation  of  Massachusetts. 

Hurst  said  the  Boston- 
based  trade  group  isn’t 
opposed  to  the  idea  of  im¬ 
proving  data  security.  But 
he  questioned  the  wisdom 
of  requiring  companies  to 
adopt  costly  new  security 
measures  at  a  time  when 
many  are  struggling  “just 
to  make  payroll”  because  of 
the  economic  recession. 

The  OCABR  didn't  re¬ 
spond  to  requests  for  com¬ 
ment  about  the  revision  of 
the  rules  and  the  extension 
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all  systems. 

■  Develop  a  comprehensive 
data-security  program  that 
sets  internal  policies  and 
specifies  disciplinary  mea¬ 
sures  for  employees  who 
violate  them. 

■  Inventory  all  electronic 
and  paper  records  to  iden¬ 
tify  the  ones  that  contain 
personal  data. 

of  the  compliance  window 
—  the  second  one  granted 
in  the  past  three  months  by 
the  agency,  which  originally 

ply  by  the  start  of  this  year. 

included  in  the  Feb.  12  an¬ 
nouncement  of  the  changes. 
Daniel  Crane,  the  agency’s 
undersecretary,  tacitly  ac¬ 
knowledged  that  even  the 
May  deadline  was  too  soon 
for  some  companies. 

"These  new  safeguards 
are  fundamental  standards 
that  will  keep  information 
safer  and  will  help  business- 


has  time  to  make  the  neces¬ 
sary  changes  to  comply  with 
these  regulations."  Crane 
also  said  that  state  officials 
"understand  the  impact  Of 


intrusive"  mandate  that 
would  have  required  com¬ 
panies  to  rewrite  their  con 
tracts  with  outside  provid¬ 
ers.  That  would  have  been 
onerous,  according  to  Birn 
bach  —  especially  for  large 
businesses  that  deal  with 
many  third  parties.  “Our 
clients  have  been  somewha 
up  in  arms,”  she  said. 

But  not  everyone  has  a 
dire  view  of  the  new  rules. 
Chris  Cahalin.  director  of 
network  operations  at  Papa 
Gino’s  Inc.,  said  the  Ded¬ 
ham.  Mass.-based  restaurai 
chain  was  on  track  to  meet 
the  requirements  before 
the  latest  extension  of  the 
compliance  deadline.  (See 
related  story,  this  page.) 


guards...  will 
keep  information 
safer  and  will 
help  businesses 
reinforce  a  vital 
sense  of  trust 
with  customers. 

DANIEL  CRANE. 

UNDERSECRETARY.  MAS¬ 
SACHUSETTS  OFFICE  OF 
CONSUMER  AFFAIRS  ANO 
BUSINESS  REGULATION 


ing  compliance  is  to  make 

are  aware  of  the  regulations. 

|  Cahalin  said.  "Once  you  get 
management  involved  at 
that  level,  it  makes  it  easier 
to  go  along.  Then  you  can 
go  on  to  educating  users” 

—  while  also  seeking  their 
help  in  determining  where 
personal  data  exists  in  sys- 

A  large  Massachusetts- 
based  retailer  was  also  on 
track  to  comply  with  the 
new  rules  by  May,  according 
to  a  network  administrator 
there  who  asked  not  to  be 
identified.  The  admin  noted 
that  the  retailer  already 
meets  many  of  the  encryp¬ 
tion  requirements  as  a  result 
of  its  compliance  with  the 
Payment  Card  Industry 
Data  Security  Standard,  a 


on  merchants  by  the  major 
credit  card  companies. 

The  only  new  thing  the 
retailer  is  doing  because  of 
the  regulations,  he  added, 
is  installing  a  file-transfer 
process  management  system 
from  Ipswitch  Inc.  to  ensure 
that  data  moving  across  its 
internal  network  is  fully  en¬ 
crypted.  The  tool  "basically 
uses  encryption  as  part  of 
the  transport  mechanism," 
the  network  admin  said. 

But  the  bank  CPO  said 
that  in  many  ways,  the 
Massachusetts  rules  are 

security  and  privacy  provi¬ 
sions  of  the  federal  Gramm- 
Leach-Bliley  Act  are.  And. 

’  he  added,  it  took  many  years 
for  the  bank  to  become  fully 
compliant  with  that  law  af- 
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Stimulus  Package 
Sets  H-1B  Limits; 
E-Verify  Usage 
Mandate  Left  Out 

Of  two  IT-related  amendments  to 
the  economic  stimulus  bill,  only 
one  makes  the  cut.  By  Patrick 
Thibodeau  and  Jaikumar  Vijayan 

A  provision  requir-  have  forced  all  employers 
ing  banks  receiving  benefiting  from  stimulus 
federal  bailout  funds  money  to  use  the  govern- 
to  give  hiring  pri-  ment's  Web-based  E-Verify 

ority  to  US.  workers  over  system  to  vet  the  employ- 
foreigners  with  H-1B  visas  ment  status  of  their  workers. 
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SECURITY  NOTICE 
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There  are  a  number  of  ways  to  protect  your  network. 
The  first  should  be  giving  us  a  call. 


Cisco®  ASA  5505  10-user  Bundle 


SonicWALL  Network  Security 
Appliance  (NSA)  2400 


Trend  Micro  “  OfficeScan  “ 
Client/Server  Edition  8.0 


•  Secures  your  network  against  attacks  such  as 
worms,  viruses,  spyware,  keyloggers,  Trojan 
horses,  rootkits  and  hackers 

•  Delivers  secure  remote  access  to  authenticated 
users  on  managed  and  unmanaged  endpoints 

•  Combines  feature-nch  VPN  connectivity  with 
comprehensive  threat  defense  to  deliver 

•  Bundle  includes  10-user  license.  8-port  Fast 
Ethernet  switch,  stateful  firewall,  10  IPsec  VPN 
peers,  2  SSL  VPN  peers,  3DES/AES  license  and 
1  expansion  slot 


•  Utilizes  a  multi-core  hardware  design  and  patented, 
reassembly-free  DPI  with  6GbE  interfaces 

■  network  protection  without 


eat  prevention,  rapid  deployment  am 
•  Combines  high-speed  intrusion  prevention,  file  and 
array  of  advanced 


•  Accessible,  affordable  platform  that  is  easy  to 
deploy  and  manage 


s414" 


s1936" 


•  Preserves  business  productivity  by  providing 
security  against  Web  and  blended  threats 


51-250  user  license  with  1-year  Maintenance 
S42.99CDW  1234828 


We're  there  with  the  security  solutions  you  need. 

Security  threats  won't  get  on  your  network  if  they  can't  get  to  the  network.  That's  why  gateway  security  is 
so  important.  CDW  has  a  wide  selection  of  top-name  firewall  protection,  antivirus,  antispyware,  intrusion 
prevention  and  more.  Our  personal  account  managers  along  with  our  highly  trained  technology  specialists 
have  the  expertise  you  need  to  ensure  your  network  is  fortified  and  secure.  So  call  CDW  today.  And 
eliminate  threats  before  they  even  become  threats  , 

CDW.com  |  800.399.4CDW 


The  Right  Technology.  Right  Away. 


Carnegie  Mellon  s  ‘Dragon  Lady’ 
talks  about  computational  thinking, 
tomorrow’s  security  threats  and 
hopes  for  a  focus  on  science  from 
the  Obama  administration. 


What  research  are  you  personally  doing? 

I’m  interested  in  trustworthy  comput¬ 
ing,  which  includes  reliability,  security, 
privacy  and  usability.  A  student  and  I 
are  working  on  a  problem  in  privacy 
where  we’d  like  to  understand  what 
people  mean  by  the  “use”  and  “pur¬ 
pose”  of  information.  Suppose  Yahoo 
Continued  on  page  18 
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High-speed  Internet 
when  you  need  it. 

Mobile  Broadband  on  America's  Largest  and 
Most  Reliable  3G  Network. 


Call  1.800.VZW.4BIZ 


Clickverizonwireless.com/smallbusir 


Visit  your  local  Verizon  Wireless : 


■  THE  GRILL  JEANNETTE  M.  WING 


M  President 
Obama  did 
say  the  words 
science  and  technology 
in  his  inaugural  ad¬ 
dress.  I  was  thrilled. 

I  jumped  up  and  down. 


Continued  from  page  16 
promises  they  will  not  read  your 
e-mail  in  order  to  target  advertising, 
but  they  will  read  it  for  spam  detection. 
That  seems  like  a  reasonable  policy, 
because  you'd  like  them  to  filter  your 


way  they  think,  even  prompting  them 
to  ask  questions  they  wouldn't  have 
thought  to  ask  before. 

[Take]  for  instance,  the  fact  that  we 
have  many  techniques  for  dealing  with 
large  data  sets  —  machine  learning,  data 
mining,  data  federation  and  so  on.  So  for 
us,  large  data  sets  offer  a  different  way 
to  solve  problems.  But  scientists  and 
engineers  might  not  even  know  that  they 
could  look  for  particular  patterns  or 
clusters  in  a  data  set.  It  would  be  unfath¬ 
omable  that  they  could  answer  a  ques¬ 
tion  [using  such  techniques]. 

We  are  even  seeing  applications 
of  computational  thinking  in  music, 
linguistics,  economics,  medicine  and 
law.  My  dream  is  that  a  course  in  prin¬ 
ciples  of  computing  or  foundations  of 
computer  science  would  be  on  a  list 
of  courses  for  a  general  education.  It 
would  go  way  beyond  programming  in 
Java  and  would  be  for  everyone. 

Is  there  any  hope  we  will  see  substantial 
improvements  in  software  quality?  There 
are  no  silver  bullets.  However,  we  have 
seen  progress.  In  the  past  five  to  eight 
years,  we've  seen  much  more  use  of 
automated  tools  in  the  software  devel¬ 
opment  process.  Tools  do  more  and 
more  semantic  analysis  [of  code].  That 
requires  annotating  the  software  so 
the  tools  have  a  better  understanding 
of  what  the  code  represents.  Eventu- 


What  kinds  of  projects  do  you  fund  with 
your  $535  million  National  Science  Foun¬ 
dation  budget?  The  NSF  funds  some 
very  fundamental  research  driven  by 
deep  scientific  questions  —  for  exam¬ 
ple,  “What  is  computable?”  —  whose 
impact  may  be  far  in  the  future  but 
which  could  be  truly  revolutionary.  We 
also  fund  fundamental  research  driven 
by  societal  grand  challenges,  such  as 
climate  change,  energy,  environment 
and  health  care. 

There  are  projects  in  bio-inspired 
computing,  where  individual  mole¬ 
cules  are  considered  a  machine.  People 
have  built  molecular  machines,  and  the 
research  challenge  now  is  to  get  them 
to  communicate  chemically. 

Another  hot  trend  in  computer 
science  is  in  economics.  For  example, 
ad  placement  on  Yahoo.  And  Google 
is  all  about  auctioning  keywords. 
There's  a  whole  new  field  called 
computational  macroeconomics.  And 
there  is  algorithmic  game  theory.  My 
mantra  in  computational  thinking 
is  that  it  will  really  influence  the 
way  people  think,  whether  they  are 
scientists,  engineers,  economists  or 


What’s  the  attraction  of  ballet  and  ka¬ 
rate?  I  do  them  for  stress  relief,  and  of 
course  to  keep  physically  fit.  Having 
been  in  ballet  performances  and  karate 


Thornton  A.  May 

IT’s  Identity  Crisis: 
We’re  the  Elevator 


A  CELEBRITY  CAUGHT  breaking  traffic  or 

substance-abuse  laws  is  apt  to  haughtily  ask  the 
arresting  officer,  “Do  you  have  any  idea  who  I 
am?”  It’s  hard  to  imagine  any  IT  professional 
doing  the  same.  (A  very  good  thing,  too,  since  I  doubt  that 
query  has  ever  done  an  offender  an  ounce  of  good.) 


■ 

C. 


I 


ers'  lack  of  celebrity  that 
keeps  them  from  playing 
the  “Do  you  know  who  I 
am?”  card.  Sadly,  the  vast 
majority  of  IT  profession¬ 
als  can’t  answer  the  ques- 


byists  in  Washington  have  We  don't  wear  lab  coats,  it 
their  footwear  of  English  was  always  silly  to  identify 

leather  and  suits  of  Italian  us  with  pocket  protectors, 

cloth,  and  gas  pump  jock-  and  everybody  has 
eys  can  be  identified  by  puter.  Who  are  we? 
the  shirts  they  wear  with  Nor  do  most  of  u 
their  own  first  name  and  trol  a  delimited  ten 

the  name  of  an  oil  com-  in  the  enterprise.  M 

pany  embroidered  on  the  IT  professionals  nc 
pocket.  ger  work  in  raised-f 

And  here  is  a  story  of  climate-controlled  < 


garding  who  we  are  or 
what  we  do. 

Collectively,  then,  we 
need  to  take  a  page  from 
the  manual  of  the  modern 
politician,  who  has  learned 
that  electoral  success  hing¬ 
es  on  being  able  to  define 
yourself  before  your  oppo¬ 
nent  does  it  for  you.  To  not 
do  so  leaves  our  identity 
in  the  hands  of  others.  We 
may  not  like  the  identity 
that  accrues  around  us 
without  our  input. 

The  comic  Demetri 
Martin  may  be  on  to 
something  of  relevance  to 
IT.  Having  been  told  by  a 
store  clerk,  “If  you  need 
anything,  I’m  Jill,"  Martin 
wonders,  “If  I  don’t  need 
anything,  is  she  Alice?" 

Watching  Martin's 
routine,  I  recognized  that 
IT’s  identity  has  become 
conditional:  If  somethir 


tice,  but  that  means  there 
are  no  Gretchen  Project- 
Managers  or  Adam  Sys¬ 
admins  in  the  phone  book. 

Some  professions  equip 
their  practitioners  with 
uniforms  and  props  that 
serve  as  identifiers:  Lob- 

■  There  are  no 
Gretchen  Project- 
Manaaers  or  Adam 
Sysadmins  in  the 
phone  book. 

celebrated  international 
studies  scholar  Benedict 
Anderson  called  an  “imag¬ 
ined  community"  —  it 
exists  in  the  individual 
and  collective  minds  of  its 
members  but  is  otherwise 
nebulous.  And  yet,  ask 

there,  always  running  and 

Thornton  A.  May  is  a  long¬ 
time  industry  observer, 
management  consultant 
and  commentator.  You 
can  contact  him  at 
thomtonamay@aol.com. 
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Go  green  and  lower  operational  costs  by  adapting  to  the  way  people  actually  want  to  work. 
How?  With  IBM  collaboration  software  and  services.  It's  truly  collaborative  technology  that 
i  your  company  or  iri  the  world,  which  means 


connects  people  faster,  wherever  they;  .  . 

less  commuting,  less  jet  fuel,  less  energy,  less  money.  And  IBM^oftware  gives  you  advanced 
dedtpHcabon  and  data  compression  features,  lowering  the  energy  and  space  costs  of  your 
coiaboratloo  infrastructure  by  as  much  as  half.  A  greener  world  starts  with  greener  business 

nnaonor  hi  iQinocc  ctar+c  uuith  IRM 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

See  the  green  demo  at  Ibm.cowi/green/collaboration  ' 
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NATIVES  OFF  THE  CHOPPING  BLOCK  IN  TROUBLED  TIMES 


STRATEGIC 


PROJECTS 


There  was  a  joke  at  the  height  of  the 
Cold  War:  What  should  you  do  in  the 
event  of  nuclear  missile  attack?  Take 
shelter,  duck  and  cover,  then  kiss  your 
butt  goodbye.  CIOs  looking  to  save 
projects  —  even  the  most  strategic  oni 
—  might  feel  the  same  way  as  they 
struggle  through  today's  historic  financial  meltdown. 

“I’ve  never  known  so  many  people  | - 

all  predicting  doom  and  gloom  at  the  I  BY  TAM  HARBERT 


same  time  across  every  front,”  says  _ _ _ _ 

Peter  Whatnell,  CIO  at  Sunoco  Inc.  and  the  new  presi-  I  projects  vulnerable.  “[The  victim’s]  relatives  may  be  say- 


5.8%.  And  last  month,  Forrester  Research  Inc.  predicted 
a  3%  decline  in  spending  on  IT  goods  and  services  this 
year  compared  with  2008.  Companies  aren’t  just  talking 
about  reducing  IT  spending:  they’re  talking  about  reduc¬ 
ing  it  drastically.  "I’m  hearing  folks  talk  about  significant 
double-digit  reductions,  and  quickly,”  says  Whatnell. 

Like  emergency  room  doctors  treating  a  gunshot 
victim,  many  executives  feel  that  the  priority  is  simply 
to  stop  the  bleeding,  says  Gartner 
analyst  Jorge  Lopez.  That  mentality 
makes  even  strategic  enterprisewide 
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reassess  their  situation  aiul  decide 
whether  to  maintain  the  same  level 
of  spending.  “That  ean  tone  a  lot  of 
uncomfortable  trade-elf-.''  Cullen  sa 
“But  it  is  a  good  wav’  of  a\ oiding  pan 
It  does  keep  options  open,  and  at  thi- 
time,  the  biggest  thing  is  uncertain!) 
Nobody  knows  how  bad  it  might  gel. 

Must  IT  executives  resign  them¬ 
selves  to  kissing  strategic  projects 
goodbye?  No.  There  are  things  you  c 


may  have  to  perform  triage.  First, 
step  back  and  take  a  hard  look  at  the 
project.  Sometimes  CIOs  consider  a 
project  strategic,  only  to  find  out  later 
that  they  were  the  only  ones  who  did. 
IT  people  tend  to  justify  projects  in 
technical  terms,  rather  than  using 
financial  metrics,  says  Michael  Krigs- 
man.  CEO  of  IT  consultancy  Asuret 
Inc.  In  today's  economy,  the  only  proj¬ 
ects  to  survive  will  be  those  rooted  in 
concrete  business  value  and  proven  by- 
specific  financial  metrics,  he  says. 

But  even  those  yardsticks  may  be 
evolving.  Is  the  original  business  case- 
still  a  priority?  A  project  that  was  once- 
justified  by  a  four-year  return  on  invest¬ 
ment  might  fade  into  the  background 
if  the  business  is  struggling  with  cash 
flow.  The  company's  agenda  may  be 
quite  different  today  than  it  was  just 
six  months  ago.  says  )ohn  Ciacehella.  a 
principal  at  Deloitte  Consulting  LLP. 

Ironically,  if  the  project  really  is  stra¬ 
tegic  —  if  it  involves  the  executive  team 
and  will  enable  transformation  across 
the  business  —  then  it  is  by  definition 
more  than  an  IT  project,  which  means 
the  CIO’s  discretion  is  limited.  Cullen 

to  figure  out  where  to  cut  and  where  to 
continue  to  fund,  and  that's  not  a  CIO 
decision."  he  explains. 

IT  executives  should  reiterate  the 
benefits  of  the  project  and  clearly  outline 
the  consequences  of  kilting  it.  But  if  the 
other  executives  aren't  persuaded,  step 
back  and  shut  up.  "The  CIO  is  first  and 
foremost  a  member  of  the  management 
team."  says  Whatnell.  The  focus  should 
be  on  doing  whatever  is  necessary-  to 
sustain  the  company.  Cutting  the  project 
“may  be  absolutely  the  right  thing  to 


be  too  worried  strategically  about  what 
CRM  is  going  to  do  for  them  in  2010." 

In  fact,  the  mantra  of  "business 
value"  is  so  last  year.  Cash  flow  is  “the 
emerging  mantra  for  2009,"  says  Lopez. 
He  says  that  an  oil  company  IT  execu-  I 
tive  recently  told  him  that  he  was  being  I 
asked  to  evaluate  projects  based  on 
cash  flow  instead  of  ROI.  "Whatever 
project  you  want  to  save  and  are  staking 
your  reputation  on,  it  had  better  be  con¬ 
nected  to  dealing  with  this  [economicl 
storm,”  says  Lopez.  "Because  if  it's  not, 
not  only  will  the  project  be  gone,  but  if 
you  fight  for  it,  you'll  be  gone,  too." 

MAKE  IT  RELEVANT.  RIGHT  NOW 

Smart  CIOs  will  assess  the  new  lay  of 
the  land  and  be  able  to  explain  how 
and  why  the  project  is  still  relevant  or. 
better  yet.  even  more  relevant.  Explain 
the  value  of  the  project  in  the  context  of 
current  needs,  says  Ten  Takai,  CIO  for 
the  California  state  government,  which 
is  in  the  midst  of  a  budget  crisis.  While 
the  state's  IT  budget  has  suffered  cuts 
along  with  every  other  department's,  I 
she  has  been  able  to  maintain  long-term  | 
projects  such  as  the  replacement  of  the 
state's  20-year-old  payroll  system  by 
persistently  stressing  the  benefits  of  the  j 
new  system.  "The  message  has  to  be 
crafted  in  a  way  that  provides  immedi¬ 
ate  justification,"  Takai  says. 

If  the  company  needs  cash,  explain 
how  the  project  contributes  to  cash  flow. 
Perhaps  the  executive  team  wants  to  [ 
lake  advantage  of  the  situation  to  ac¬ 
quire  weak  competitors.  Emphasize  how  i 
the  project  strengthens  the  company's  ] 
ability  to  acquire  and  digest  companies. 

You  may  have  to  reorganize  the  proj-  : 


The  mes¬ 
sage  has 
to  be  crafted  in 
a  way  that  pro¬ 
vides  immediate 
justification. 


Do  You  Have 
What  H  Takes? 

As  a  principal  at  Deloitte  Consulting. 
John  Ciacehella  advises  companies  try¬ 
ing  to  manage  through  this  economic 
crisis.  He  has  observed  the  following 
qualities  in  CIOs  who  have  successfully 
saved  strategic  projects: 

1.  They  are  realistic  about  what  is 
strategic  and  what  is  not. 

2.  They  have  credibility  with  their 
organizations.  These  CIOs  are  good 
stewards  of  their  resources,  work  well 
with  other  executives  and  demonstrate 
a  willingness  to  make  sacrifices  for  the 

3.  They  are  smart  about  the  design 
and  structure  of  the  project.  And 
they're  willing  to  adjust  timing,  scope  or 
costs  to  lit  the  economic  environment. 

4.  They  are  assertive.  They  can  make 
a  case  to  convince  others  of  the  merits 
of  keeping  a  project  "Even  after  doing 
the  first  three  things,  you've  still  got 
to  fight"  says  Ciacehella.  “But  now 
you've  built  a  very  strong  base  to 
support  yourself." 

-  TAM  HARBERT 

vet  in  order  to  make  it  relevant  to  im¬ 
mediate  needs.  Can  you  adjust  the  tim¬ 
ing  or  the  scope?  Can  you  push  ahead 
on  things  that  produce  immediate  rev¬ 
enue?  Can  you  defer  certain  costs? 

At  Harrah's  Entertainment  Inc., 
projects  have  always  been  evaluated 
based  on  their  contribution  to  top-line 
i  sales  or  bottom-line  profit,  plus  some 

i  says  Heath  Daughtry,  the  company's 
I  vice  president  of  enterprise  IT.  But  to- 
1  day,  projects  need  to  demonstrate  ben- 
■  efits  in  several  major  areas,  including 
boosting  efficiency  and  enhancing  the 
1  customer  experience,  he  says. 

ROI  evaluation.”  says  Daughtry.  "It  has 
to  hit  on  all  the  business  strategies  — 
on  revenue,  margin.  EBITDA  [earnings 
before  interest,  tax,  depreciation  and 
amortization],  customer  experience.” 

That  meant  making  some  changes  in 
one  of  Harrah's  major  initiatives  so  it 
I  would  bring  in  more  earnings  sooner. 
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The  initiative,  called  Personalized 
Real-time  Interactive  Slot  Marketing 
(PRISM),  is  designed  to  provide  infor¬ 
mation  and  digital  entertainment  direct¬ 
ly  to  customers  through  Harrah’s  65,000 
slot  machines.  Harrah’s  is  aggressively 
rolling  out  the  project  this  year  in  its 
most  profitable  markets,  where  it  is  most 
likely  to  see  the  highest  return  on  its  in¬ 
vestment,  says  Daughtry.  In  less  profit¬ 
able  markets,  it  will  wait  till  2010. 

Harrah’s  is  also  asking  business 
partners  to  share  in  the  risk  as  well  as 
the  rewards  of  some  other  long-term 
projects,  says  Daughtry.  For  example,  a 
technology  partner  might  help  fund  a 
corporate  pilot  project,  which  benefits 
the  corporate  partner  and  could  also 
generate  good  press  for  the  vendor. 

Ciacchella  cites  two  examples  of 
Deloitte  clients  that  have  reorganized 
projects  in  order  to  accelerate  business 
benefits.  Both  are  large  companies  that 
are  deploying  ERP  systems.  At  one 
company,  the  initial  plan  had  been  to 
roll  out  the  entire  ERP  system  first, 
then  renegotiate  contracts  with  sup¬ 
pliers.  Instead,  the  company  decided 
to  renegotiate  contracts  now,  even 
though  the  ERP  system  isn't  complete. 

“They  won’t  be  able  to  manage  and 


Mb’s  no 
longer  a 

one-dimensional 
R0I  evaluation. 

H  has  to  hit  on 
all  the  business 
strategies. 

HEATH  DAU0HTRY, 

VICE  PRESIDENT  OF 
ENTERPRISE  IT.  HARRAH’S 
ENTERTAINMENT  INC. 

planned  18  months  ago  might  now  be 
completed  more  cheaply  and  efficiently 
using  different  means,  says  Vivek  Kun- 
dra,  chief  technology  officer  for  the  Dis¬ 
trict  of  Columbia,  which  as  of  December 
had  a  $130  million  budget  deficit 


no  fan  of  expensive  hardware  and  huge 
infrastructure  investments.  Instead, 
he  favors  cloud  computing,  consumer 
technologies  and  the  collective  ideas  of 
the  citizenry.  Rather  than  spending 
$4  million  that  the  district  had  budget¬ 
ed  to  develop  an  intranet,  for  instance, 
Kundra  used  cloud  computing,  Google 


Kundra.  In  the  District  of  Columbia's 
deployment  of  an  ERP  system,  he  lim¬ 
ited  the  use  of  expensive  consultants 
and  replaced  the  traditional  five-day 
workweek  with  round-the-clock  shifts 
to  increase  productivity.  The  team  com¬ 
pleted  the  project  five  months  ahead  of 
schedule  and  under  budget,  he  says. 

The  financial  crisis  is  “a  great  oppor¬ 
tunity  to  do  more  with  less,”  says  Kun¬ 
dra.  “Technology  should  be  the  leader 
in  finding  the  innovative  path." 

In  fact,  it  can  also  be  an  opportunity 
for  CIOs  to  show  how  the  creative  ap¬ 
plication  of  technology  can  further 
cut  costs,  increase  productivity  and 
even  create  new  sources  of  revenue.  At 
Harrah’s,  IT  executives  have  suggested 
that  the  company  could  sell  consulting 
services  in  two  technology  areas  in 
which  it  excels  —  data  mining  and  busi¬ 
ness  intelligence,  says  Daughtry.  Mone¬ 
tizing  a  company’s  core  expertise,  even 
things  that  were  previously  guarded  as 
corporate  “secret  sauce,"  has  become  a 
hot  topic  in  boardrooms,  he  says. 

SPEND  YOUR  POLITICAL  CAPITAL 

Whether  a  CIO  is  proposing  new  reve¬ 
nue  streams  or  defending  an  important 
ongoing  project,  one  skill  is  critical  in 


As  cloud  computing’s 
security  gaps  become  more 
visible,  users  are  finding 
ways  to  safeguard  their 
data.  By  John  Edwards 


Security 


AdvancedRecovery  '  with  a  100%  recovery  recor 
and  a  breadth  of  services  offered 

AdvancedHosting  u  with  over  2.000  customers 
and  34  production  facilities  with  a  range  of  managed 
IT  services 

Consulting  with  more  than  100.000  action 
plans  delivered 

Continuity  Management  Software  the  most 


SUNGARD 

Availability  Services  Connected: 


Continued  from  page  26 
to  a  third  party,"  he  says. 

Like  a  growing  number 
oflT  managers,  both  Flax 
and  |ones  are  beginning  to 
realize  that  cloud  comput¬ 
ing  doesn't  offer  companies 


that  should  give  pare 


anyone  thinking  about  rush¬ 
ing  into  cloud  computing. 

“Enterprises,  particularly 
those  in  regulated  indus¬ 
tries,  need  to  weigh  both 
the  business  benefits  and 
risks  of  cloud  computing 
services."  warns  Jay  Heiser, 
a  Gartner  analyst. 

One  of  cloud  computing's 
biggest  risks  arises  from  its 
very  nature:  It  allows  data  to 
be  sent  and  stored  just  about 
anywhere  —  even  divided 
1  among  locations  around  the 


world.  While  data  dispersion 
helps  give  cloud  computing  a 
cost  and  performance  edge, 
the  downside  is  that  business 
information  can  land  in  stor¬ 
age  systems  in  locales  where 
privacy  laws  are  loose  or 

Flax,  who  is  using  Sales- 

platform  to  automate  Cow¬ 
on's  global  sales  systems, 
says  the  best  way  to  ensure 
that  data  steers  clear  of  risky 

a  cloud  vendor  that  is  a  pub¬ 
lic  company  and  is  therefore 
required  by  law  to  disclose 
how  it  manages  information. 

Salesforce.com  is  publicly 
traded,  and  “as  a  result,  we 
have  a  sense  of  comfort  that 
there  are  strict  processes 
and  guidelines  around  the 
management  of  their  data 


talking  about.” 

Agora  Games,  a  company 
in  Troy,  N.Y.,  that  builds 
Web  communities  for  video 
game  players,  currently 
has  no  say  on  the  matter  of 


7  Issues  to  Clarify 
Before  Adopting 
Cloud  Computing 

In  a  June  2008  report  titled  “Assessing  the 
Security  Risks  of  Cloud  Computing."  Gartner 
identified  seven  security  concerns  that  cloud 
users  should  address  with  prospective  vendors. 
1.  User  access.  Ask  providers  for  specific 
information  on  the  hiring  and  oversight  of 
privileged  administrators  and  the  controls 
over  their  access  to  information. 

2.  Regulatory  compliance.  Make  sure  your 
provider  will  submit  to  external  audits  and 
security  certifications. 

3.  Data  location.  Ask  your  provider  to  store  and 
process  data  in  specific  jurisdictions  and  to 
obey  the  privacy  rules  of  those  jurisdictions. 


4.  Data  segregation.  Find  out  what  is  done 
to  segregate  your  data,  and  ask  for  proof  that 
encryption  schemes  are  efficacious. 

5.  Disaster  recovery.  Know  what  will  happen 
if  disaster  strikes.  Ask  whether  your  provider 
will  be  able  to  completely  restore  your  data  and 
service,  and  find  out  how  long  it  will  take. 

6.  Investigative  support.  Ask  the  vendor  for  a 
contractual  commitment  to  support  specific 
types  of  investigations,  such  as  the  research 
involved  in  the  discovery  phase  of  a  lawsuit, 
and  verify  that  the  vendor  has  successfully 
supported  such  activities  in  the  past.  Without 
such  evidence,  don’t  assume  that  it  can  do  so. 

7.  Long-term  viability.  Ask  prospective  pro¬ 
viders  how  you  would  get  your  data  back  if 
they  were  to  fail  or  be  acquired,  and  find  out 
if  the  data  would  be  in  a  format  that  you  could 
easily  import  into  a  replacement  application. 


To  Cloud 
Security 


Realize  how  the  cloud's  uniquely 
loose  structure  affects  the  secu¬ 
rity  of  data  sent  into  it. 

Make 

certain  that  the  cloud  provider 
can  supply  detailed  information 
on  its  security  architecture  and  is 
willing  to  accept  a  security  audit. 

Ensure  that  internal  security  tech¬ 
nologies  and  practices,  such  as 
network  firewalls  and  user  access 
controls,  are  strong  and  can  mesh 
well  with  cloud  security  measures. 

Understand  how  laws  and 
regulations  will  affect  what  you 
send  into  the  cloud. 

Look  for  changes 
in  cloud  technologies  and  practices 
that  may  affect  your  data's  security. 


provider.  Terremark  World¬ 
wide  Inc.,  hosts  its  data  and 
applications.  But  that  will  be 
changing  in  the  near  future, 
says  Brian  Corrigan,  Agora’s 
chief  technology  officer. 

Terremark  will  soon  give 
Agora  “the  option  to  choose 
where  virtual  machines  ac¬ 
tually  run."  he  says.  “Right 
now.  the  only  choice  is  the 
Miami  facility,  but  Terremark 
is  adding  other  locations,  so 
[it  will  be]  an  issue  we  can 


TRACK  AND  TRACE 

Cloud  computing's  dispersed 
nature  also  makes  it  chal¬ 
lenging  to  track  unauthorized 
activity,  even  when  careful 
logging  procedures  are  used. 
Virtually  all  cloud  comput¬ 
ing  providers  use  encryption, 
such  as  Secure  Sockets  Layer 
technology,  to  safeguard  data 

that  it’s  also  important  to 


T 


Realize  how  the  cloud's  uniquely 
loose  structure  affects  the  secu¬ 
rity  of  data  sent  into  it. 

Make 

certain  that  the  cloud  provider 
can  supply  detailed  information 
on  its  security  architecture  and  is 
willing  to  accept  a  security  audit. 


Ensure  that  internal  security  tech¬ 
nologies  and  practices,  such  as 
network  firewalls  and  user  access 
controls,  are  strong  and  can  mesh 
well  with  cloud  security  measures. 


Understand  how  laws  and 
regulations  will  affect  what  you 
send  into  the  cloud. 

Look  for  changes 
in  cloud  technologies  and  practices 
that  may  affect  your  data's  security. 


security.  A  Gartner  Inc.  re¬ 
port  released  last  year  iden¬ 
tified  concerns  about  risks 
in  several  areas,  such  as  data 
privacy  and  integrity  and 

that  should  give  pause  to 


a  Gartner  analyst. 

One  of  cloud  computing’s 
biggest  risks  arises  from  its 
very  nature:  It  allows  data  to 
be  sent  and  stored  just  about 
anywhere  —  even  divided 
among  locations  around  the 


talking  about.” 

Agora  Games,  a  company 
in  Troy,  N.Y.,  that  builds 
Web  communities  for  video 
game  players,  currently 
has  no  say  on  the  matter  of 
where  its  cloud  computing 


7  Issues  to  Clarify 
Before  Adopting  , 
Cloud  Computing ; 

In  a  June  2008  report  titled  "Assessing  the 
Security  Risks  of  Cloud  Computing,"  Oartner 
en  security  concerns  that  doud 


provider  wf*  submit  to  external  audits  and 


3.  Data  location.  Ask  your  provider  to  store  and 
process  data  In  specific  jurisdrctions  and  to 
obey  the  privacy  rules  of  those  jurisdictions. 


5.  Disaster  recovery.  Know  what  will  happen 
H  disaster  strikes.  Ask  whether  your  provider 
wM  be  able  to  completely  restore  your  data  and 
service,  and  find  out  how  long  H  will  take. 


!  involved  in  the  discovery  phase  of  a  I 


J  7.  Long-term  viability.  Ask  prospective  pro¬ 
viders  how  you  would  get  your  data  back  if 
they  were  to  fail  or  be  acquired,  and  find  out 
if  the  data  would  be  in  a  format  that  you  could 
easily  import  into  a  replacement  application. 


provider,  Terremark  World¬ 
wide  Inc.,  hosts  its  data  and 
applications.  But  that  will  be 
changing  in  the  near  future, 
says  Brian  Corrigan,  Agora's 
chief  technology  officer. 

Terremark  will  soon  give 
Agora  “the  option  to  choose 
where  virtual  machines  ac¬ 
tually  run,"  he  says.  “Right 
now,  the  only  choice  is  the 
Miami  facility,  but  Terremark 
is  adding  other  locations,  so 
[it  will  be]  an  issue  we  can 
manage  however  we  want." 

TRACK  AND  TRACE 

Cloud  computing's  dispersed 
nature  also  makes  it  chal¬ 
lenging  to  track  unauthorized 
activity,  even  when  careful 
logging  procedures  are  used. 
Virtually  all  cloud  comput¬ 
ing  providers  use  encryption, 
such  as  Secure  Sockets  Layer 
technology,  to  safeguard  data 
in  transit.  But  Heiser  notes 
that  it's  also  important  to 
ensure  that  stored  data  is  en¬ 
crypted.  “If  data  is  stored  in 
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a  shared  environment,  which 
is  what  usually  happens,  you 
can  assume  that  unencrypted 
data  may  be  read  by  unau¬ 
thorized  parties,”  he  says. 

Mike  Mullin,  IT  director 
of  Indian  Harvest  Specialti- 
foods,  a  Bemidji,  Minn- 


based  company  that  distrib¬ 
utes  rice,  grains  and  legumes 


go  all  the  way  with,  but  I’d 
say  that  95%  are  not  at  that 
level,”  Jones  says. 

Corrigan  says  that  com¬ 
prehensive  cloud  security 
requires  a  holistic  approach. 
"For  supersecure  data,  start 
with  how  it's  stored  and  then 
deal  with  how  it’s  transmit¬ 
ted,”  he  advises.  “Manage 
access  through  some  sort  of 


the  client  company  must  ver¬ 
ify  that  the  service  provider 
is  working  to  ensure  that 
data  security  and  integrity 
are  ironclad. 

Heiser  notes  that  any 
cloud  provider  should  be 
willing  to  submit  to  external 
audits  and  security  certifi¬ 
cations  to  ensure  the  qual¬ 
ity  of  specific  controls.  “A 


including  network  opera¬ 
tions,  data  safeguards  and 
physical  security  elements. 

“We  read  these  audits 
very  carefully  because,  as 
with  an  audit  of  somebody’s 
financial  books,  just  because 
the  audit  is  complete  doesn’t 
mean  they  passed  with  fly¬ 
ing  colors,"  Flax  says. 


dent  that  our  data  is  secure,” 
he  says.  “If  it  isn’t,  then  I 
think  a  lot  of  people  will 
have  problems  and  that  the 
[cloud]  industry  as  a  whole 


Mullin  notes  that  cloud 
adopters  also  need  to  closely 
assess  their  own  infrastruc¬ 
tures  and  security  practices, 
particularly  access  controls. 
“Your  side  of  the  infrastruc- 


THE  STATUS  QUO 


assign  different  levels,” 
he  says.  Documents  at  the 
highest  level  of  sensitivity 
simply  aren’t  sent  into  the 
cloud;  they’re  stored  locally. 
“There  are  some  documents 
that  we’re  just  not  ready  to 

applications 
have  been  around 
for  a  long  time. 

The  security  aspects 
are  well  understood, 
and  I’m  comfortable 
with  that. 

MIKE  MULLIN,  IT  DIRECTOR. 
INDIAN  HARVEST  SPEC1ALTIF00DS 


NO  CONTEST 

I  » 


A  MATTER  OF 
COMPLIANCE 

Because  it  places  business 
data  into  the  hands  of  an 
outside  provider,  cloud 
computing  makes  regula¬ 
tory  compliance  inherently 
riskier  and  more  complex 
than  it  is  when  systems  are 
maintained  in-house.  Loss  of 
direct  oversight  means  that 


regulated  financial  services 
industry,  Cowen’s  Flax  re¬ 
lies  on  SAS  70  audits  to 
ensure  that  his  cloud  pro¬ 
vider  meets  government 
and  industry  requirements. 
“There  are  standards  in 
place  for  what  a  SAS  70  for 
a  data  center  should  be,” 
he  says.  The  SAS  70  audit, 
developed  by  the  American 
Institute  of  Certified  Public 
Accountants,  covers  data 


ogy  realistically  rather  than 
through  rose-colored  glasses. 
“It  shows  an  increasing  level 
of  maturity,”  Heiser  says. 
Since  cloud  computing 

now  be  reliably  anticipated 
and  addressed.  Flax  believes 
that  security  concerns  alone 


gression  from  software  as 
a  service  and  other  hosted 
offerings,  agrees.  “Hosted  ap¬ 
plications  have  been  around 
for  a  long  time,"  he  observes. 
“The  security  aspects  are 
well  understood,  and  I’m 
comfortable  with  that." 

Corrigan  says  that  he,  too, 
is  comfortable  with  the  cur¬ 
rent  state  of  cloud  security. 
“I  wouldn’t  say  I  lose  any 
more  sleep  over  our  cloud 
provider  than  I  do  over  our 
collocated  physical  servers,” 
he  explains.  ■ 

Edwards  is  a  freelance  writer 
in  Gilbert,  Ariz.  You  can 
contact  him  at  jedwards@ 
gojohnedwards.com. 


CHARTER  AND  SCOPE  |  the  deadline.  It’s  up  to 


the  estimate  derived  froi 
historical  knowledge.  As 
scope  becomes  more  cle; 
defined,  refine  the  cost 
estimate  by  changing  tht 
midpoint  as  appropriate 
reducing  the  range  size. 


Once  scope  is  known,  de¬ 
termine  a  project  schedule. 
You’ll  already  know  the 
two  most  important  project 
points:  the  beginning  and 


■  Configuring  and  in¬ 
stalling  the  servers  and 
network  equipment,  and 
testing  connectivity  and 
functionality. 


■  Documenting  the  net¬ 
work  for  ongoing  mainte¬ 
nance  and  support. 

-  OREO  SCHAFFER 


CLOSINO  OUT 

Once  the  network  infrastruc 
ture  is  completed,  there  are 
still  three  major  tasks  to  ac¬ 
complish  before  the  project 
can  be  closed.  The  first  is 
rather  obvious  —  ensuring 
that  the  network  functions  as 
I  the  customer  intended.  The 


can  be  easily  retrieved. 

Finally,  a  postproject  re¬ 
view,  particularly  of  what 
went  wrong,  will  help  prevent 
the  same  mistakes  from  hap¬ 
pening  on  a  future  project. 

Remember,  you  don’t 
have  to  be  a  certified  PMP  to 
think  like  one.  Try  it!  ■ 
Schaffer,  CISSP.has  more 
than  20  years  of  experience 
in  networking.  Contact  him 
at  newtnoise@comcast.net. 
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■  SECURITY  MANAGER’S  JOURNAL  MATHIAS  THURMAN 

Let’s  Be  Reasonable, 
And  Save  Money,  Too 

There  are  often  alternatives  available 
that  will  cost  the  company  less,  if  you 
just  keep  an  open  mind. 


Trouble 

Ticket 

AT  ISSUE:  Every  depart¬ 
ment  is  under  orders  to 
find  ways  to  cut  costs. 


create  forensically  sound 
images,  we’ll  need  write 
blockers,  which  prevent 
data  from  being  written 


strong  encryption  (which 
I  defined  as  a  minimum 
of  128  bits)  and  the  rule  of 
least  privilege,  meaning  a 
mailroom  clerk  shouldn’t 
have  the  same  type  of  ac¬ 
cess  as  a  network  engineer. 

That  policy  gave  rise  to 
our  use  of  a  Nortel  VPN 
concentrator,  for  a  client 
(IPsec)  VPN,  and  Juniper 
for  the  SSL  VPN.  We’ve 


■  I’m  finding  that 
being  reasonable 
not  onjy  makes 
for  solid  security 
policies,  but  it  can 
also  be  beneficial 
in  our  efforts  to 
reduce  costs. 


at  a  cost  of  about  $12,000 
per  month.  It’s  costing  us 
a  lot  of  money  because  we 
haven't  been  able  to  supply 
our  new  employees  with 
wiped  hard  drives. 


them  on  a  mapped  network 
drive.  We’ll  set  permissions 
and  apply  other  methods 


the  amount  of  O  JOIN  IN 

ed'Tfiguret'haf 
we  can  recoup 
our  initial  invest¬ 
ment  in  about  30  days  and 
save  the  company  about 
$100,000  per  year. 

More  than  reasonable, 

I’d  say.  ■ 

This  week’s  journal  is  writ¬ 
ten  by  a  real  security  man¬ 
ager.  “Mathias  Thurman," 

whose  name  and  employer 
have  been  disguised  for 
obvious  reasons.  Contact 
him  at  mathias_thurman@ 
yahoo.com. 
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Join  us  in 
the  Inner  Circle. 

The  Computerworld  Inner  Circle  Research  Panel  was  established  as  a  way 
for  members  of  the  IT  community  to  share  information  and  gain  insight  into 
various  technology  topics,  including  new  initiatives  and  top  issues  faced  by 
IT  professionals  and  executives. 

Inner  Circle  panel  members  get  exclusive  access  to  results  of  the  surveys 
on  the  panel  site  at:  www.computerworldinnercircle.com,  and  are  eligible  for 
some  nice  cash  and  prize  giveaways  for  their  participation.  We  look  forward  to 
hearing  your  input! 


Join  for  Free! 

To  register  as  a  panel  member,  visit  www.computerworld.com/haic 


Why  Netbooks  Are 
Killing  Microsoft 


HEN  MICROSOFT  laid  off  5,000  people 
in  January,  analysts  and  pundits  pointed  to 
plenty  of  reasons  for  the  first  major  layoffs  in 
the  company’s  history.  The  obvious  culprits 
included  the  overall  economic  meltdown,  Apple’s  continued 
success  and  Wall  Street’s  desire  to  see  a  leaner  Microsoft. 


crosoft  simply  can't  charge 
full  freight  for  Windows 
on  one.  And  given  the 
price  that  Microsoft  charg¬ 
es  for  consumer  versions 
of  Office  —  usually  about 
$200  for  the  lowest-priced 
version  —  netbook  owners 
who  use  Windows  aren’t 
likely  to  pay  for  Office  ei¬ 
ther.  It  doesn't  make  much 
sense  to  pay  as  much  for 
a  piece  of  software  as  you 
did  for  your  entire  PC. 

Microsoft  clearly  rec¬ 
ognizes  the  problem  and 
is  taking  action  to  try 
to  solve  it.  First,  it  built 
Windows  7  to  run  on 


related  tools  had  hefty  in¬ 
creases  in  sales.  Windows 
sales  were  down  an  eye¬ 
popping  8%;  server  and 
related  revenue  grew  15%. 

Microsoft  clearly  blames 
netbooks  for  the  drop  in 
Windows  sales.  Here's 
what  it  said  in  its  state¬ 
ment:  “Client  revenue 

resent  the  fastest-growing 

■  The  real  cause 
of  Microsoft’s 
layoffs  can  be 
summed  up  in 
a  single  word: 
netbooks. 

netbook-related  woes  as 
well.  The  company  doesn’t 
get  paid  as  much  for  a  ver¬ 
sion  of  Windows  sold  on 
a  netbook  as  it  does  for  a 
version  of  Windows  sold 
on  a  laptop  or  desktop  PC. 
There’s  very  little  margin 
on  a  machine  selling  for 
$200  to  $400,  and  so  Mi- 

ceed.  If  it  can't,  the  days 
of  big  revenue  growth  are 
behind  Microsoft,  thanks 
in  part  to  netbooks.  ■ 

Preston  Oralla  is  a  Comput- 
erworld.com  contributing 
editor  and  the  author  of 
more  than  35  books,  in¬ 
cluding  How  the  Internet 

Works  (Que,  2006). 
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Co-Branded 

EMAIL 

BLASTS 


Reach  your  target  audience 
of  professional  IT  job  seek¬ 
ers  with  Computerworld’s 
Co-Branded  Email  Blasts. 
This  unique  program  allows 
you  to  choose  your  criteria 
of  1 00%  opt-in  subscribers 
by  geography,  company 
size,  job  title  and  industry. 


COMPUTERWORLD 


Law  Firms 
IT  Consultants 
Staffing 
Agencies 


Are  you 
frequently 
placing  legal  or  I 
immigration 
advertisements? 

Let  us 
help  you 
put  together 
a  cost  effective 
program  that 
will  make  this 
time-consuming 
task  a  little 


|  LOOKING  FOR  SOMETHING  NEW?  | 

M  You've  come  to  the  right  place! 


Find  your  ideal  IT  job 
through  IT  Careers 


For  additional  IT  positions,  search 
www.ITCareers.com. 
our  online  database  of 
over  20,000  jobs  each  month! 


COMPUTERWORIO 


SharHank 

TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY 


No  Good  Deed 
Goes  Unpunished 

This  support  pilot  fish  gets  the 
word:  The  backlog  of  support 
tickets  is  way  too  big,  and  it's 
time  to  start  cleaning  up  the 
queue  -ASAP.  So  fish  starts 
in  on  the  task.  “I  went  in  and 
closed  as  many  as  possible," 
he  says.  “I  was  solving  some 
problems,  verifying  bugs  and 
passing  them  on  to  develop¬ 
ment,  checking  with  custom¬ 
ers  to  see  if  long-dormant 
tickets  could  be  closed  or  K 
we  could  revisit  the  issues 
after  an  upcoming  upgrade  - 
using  whatever  honest  means 
I  could  to  reduce  my  list  of 
open  tickets.  The  week  after 
I  finished,  the  vice  president 
decided  the  cleanup  wasn't 
going  fast  enough."  fish 


reports.  "He  had  the  idea  to 
offer  bonuses  to  whichever 
team  members  could  close 
the  most  tickets.  And  there 
I  sat  with  less  than  a  dozen 
tickets  to  compete  with." 

Not  Our  Problem 

It's  the  morning  meeting  for 
this  California  company's  help 
desk  group,  and  there's  only 
one  trouble  ticket  to  discuss: 
"We  don’t  know  why  or  what 
you  did.  but  most  of  our  com¬ 
puters  have  shut  down  and 
won't  come  up  this  morning," 
reads  the  complaint  from  a 
department  head.  But  what 
could  cause  that?  The  group 
is  working  on  an  automatic 
shutdown  scheduled  for 
9  p.m.  for  all  training-room 
PCs  -  could  that  job  have 


somehow  run  and  affected 
this  other  department?  No, 
says  the  tech  in  charge  of  that 
project.  “So  we  send  a  tech  to 
look  at  the  problem,"  says  a 
pilot  fish  there.  “He  returns  to 
tell  us  that  the  circuit  breaker 
for  that  department's  cubicle 
area  has  tripped  and  all  the 
power  is  off  in  the  cubes.  It 
seems  that  all  the  ladies  in 
that  department  have  person¬ 
al  heaters  in  their  cubes  and 
they  leave  them  on  24/7,  of 
course.  Since  it  got  cold  last 
night  in  Southern  California 
and  we  run  minimal  heating 
and  cooling  after  hours,  they 
all  came  on  full  blast.  The 
huge  suck  of  power  tripped 
the  circuit  breakers.  Problem 
identified  -  now  it’s  up  to  the 
facilities  maintenance  people 
to  try  to  collect  the  heaters 
from  the  department.  I  hope 
they  have  flak  jackets." 

Whatever  Works 

Pilot  fish  is  disappointed  that 
the  Wi-Fi  is  down  at  his  favor¬ 
ite  Internet  cafe,  so  he  talks  to 


one  of  the  staffers  and  offers 
to  help.  "I  found  the  problem 
quickly."  fish  says.  “The  ac¬ 
cess  point  wasn't  plugged 
In.  In  fact,  the  power  supply 
was  missing.  A  few  days  later, 
when  the  Wi-Fi  was  up  again. 

I  asked  the  staffer  about  it. 

It  turned  out  that  the  night 
before  the  outage,  the  duty 
manager  got  tired  of  waiting 
for  the  stragglers  to  leave 
the  cafe  at  closing  time  -  and 
simply  unplugged  and  stashed 
the  power  supply  so  (he  cus¬ 
tomers  would  go  home." 

■  Shark y  loves  an  elegant  solu¬ 
tion  —  or  any  true  tale  of  IT 
life.  Send  me  yours  at  sharky@ 
computerworld.com.  You’ll 
snag  a  snazzy  Shark  shirt  if  I 


I  FRANKLY  SPEAKING 


Frank  Hayes 

About  Face 


FORGET  FACEBOOK.  Well,  OK,  you  can’t  forget  Face- 
book’s  recent  terms-of-use  fiasco  —  it’s  been  all  over  the 
papers.  First  Facebook  claimed  that  it  owns  everything 
that  its  users  post  —  forever.  Then,  after  bloggers  raised 
a  mighty  stink  about  that,  Facebook  reversed  course. 

Does  it  mean  much?  No.  But  there  is  a  reminder  here. 


Not  for  Facebook  users 
—  for  corporate  IT  shops. 

Here’s  what  happened, 
in  a  nutshell:  On  Feb.  4, 
Facebook  made  some 
changes  to  its  terms  of 
use,  the  agreement  under 
which  Facebook  users 
can  post  to  the  social  net¬ 
working  site. 

A  week  and  a  half 
later,  a  blog  called  The 
Consumerist  highlighted 
some  key  wording:  Under 
the  new  terms,  Facebook’s 
right  to  use  user-posted 
information  for  mar¬ 
keting,  promotional  or 
other  purposes  would  no 
longer  automatically  ex- 
:  pire  when  a  user  deleted 
anything  (or  everything) 
from  Facebook. 

From  there,  the  story 
roared  across  the  Internet 
and  into  the  mainstream 
media,  no  doubt  helped 
along  by  The  Consumer- 
ist’s  headline:  “Facebook’s 
New  Terms  of  Service: 
‘We  Can  Do  Anything  We 
Want  With  Your  Content. 

Was  that  what  Face- 


book  had  in  mind  with  the 
change  in  terms?  Prob¬ 
ably  not.  The  new  terms 
of  use  have  the  whiff  of 
overzealous  lawyering, 
combined  with  a  hint  of 
not-yet-announced  busi¬ 
ness  plans. 

Maybe  some  lawyer 
realized  that  backup  tapes 
might  still  contain  info 
a  user  had  removed.  A 
major  crash  plus  a  slightly 
outdated  backup  could 
theoretically  expose 
deleted  user  comments 
or  pictures  to  the  world 

—  and  expose  Facebook 
to  a  lawsuit. 

Perhaps  Facebook  was 
worried  that  it  might  be 
accused  of  destroying 
evidence  in  a  lawsuit  or 
government  investigation 
and  wanted  the  clear  right 

■  We  are  now  at 
a  nexus  of  technol¬ 
ogy,  business,  law, 
public  relations 
and  innovation 

-  and,  oh  yes,  a 


to  archive  that  data. 

Or  maybe  the  company 
was  planning  on  new  con¬ 
nections  with  other  social 
networking  services,  so 
data  might  migrate  be¬ 
yond  its  control,  and  the 
new  terms  were  a  way  of 
covering  its  increasingly 
broad  backside  (175  mil¬ 
lion  users  and  counting). 

Whatever  the  reason, 
Facebook  has  since  rolled 
back  the  changes.  The 
Consumerist  has  backed 
down  from  its  initial 
claims  of  a  big  Facebook 
rights  grab.  Users  will 
deal  —  or  quit  using  Face- 
book. 

But  what’s  the  reminder 
for  corporate  IT  shops? 

It’s  this:  We  are  no  longer 
in  the  IT  business. 

Sure,  we  do  tech  stuff. 
We’re  good  at  it  and  like 
it  That’s  why  we’re  here. 

But  IT  is  now  at  a  nexus 
of  technology,  business, 
law,  public  relations  and 
innovation  —  and,  oh  yes, 
a  major  recession.  And 
technology  is  the  easiest 
part  to  deal  with. 


No,  we’re  not  running 
social  networking  sites. 
But  we’ve  got  an  ever- 
more-complex  network 
of  our  own:  customers, 
users,  business  partners, 
suppliers  and  service 
providers  —  all  with  their 
own  competing  interests 
and  concerns,  especially 
in  the  midst  of  an  eco¬ 
nomic  meltdown. 

A  service  provider 
could  change  its  policies 
or  outsource  a  function 
without  warning  us,  thus 
suddenly  breaking  our 
promises  to  customers. 

Our  management  could 
plan  a  merger  or  a  new 
line  of  business  without 
telling  us  —  instead  hand¬ 
ing  us  puzzling  new  pro¬ 
cedures  or  terms  to  pass 
along  to  customers. 

A  lawsuit  could  require 
us  to  do  things  that  we 
can’t  explain  to  partners 
or  even  our  own  staff. 

See?  It’s  a  mess.  And 
now  it’s  our  mess. 

So  forget  Facebook.  But 
remember  this:  We’ve 
got  many  of  those  same 
complications,  conflicts 
and  confusions  that  led 
to  Facebook’s  very  messy, 
very  public  problem. 

And  Facebook-style 
fiascoes  aren't  just  for 
social  networking  sites 
anymore.  ■ 

Frank  Hayes  is  Computer- 
world’s  senior  news 
columnist.  Contact  him 
atfrank_hayes@ 

I  computerworld.com. 
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Work  with  InterSystems. 


Application  vendors  who  work  with  InterSystems 
connect  with  new  revenue  opportunities. 

You  II  be  more  successful  if  you  embed  InterSystems  workflow,  browser-based  user  interfaces,  rules-based 

Ensemble®  software  in  your  products.  business  processes,  dashboards,  and  other  new 

With  Ensemble,  your  applications  will  become  features  -  without  rewriting  code, 

connectable  —  ready  to  interoperate  with  the  legacy  Our  rapid  integration  &  innovation  platform 

applications  of  your  prospects  and  customers.  That's  a  includes  InterSystems  Cache®,  the  world's  fastest 
valuable  competitive  advantage  for  your  business.  object  database.  Cache's  lightning  speed,  massive 

If  you  have  a  disconnected  product  portfolio,  scalability,  and  rapid  development  environment  give 

Ensemble  will  transform  it  into  a  seamlessly  integrated  Ensemble  unmatched  capabilities. 

suite-  For  3 1  years,  we've  helped  application  vendors 

In  addition,  Ensemble  enables  rapid  innovation.  It  be  more  successful.  Work  with  a  creative  technology 
lets  you  enhance  your  current  products  with  adaptable  partner. 

ImterSystems 


Learn  more  about  connecting  with  new  revenue  opportunities  at  lnterSystems.com/Connect23A 


